Sanitizing user input

This commit is contained in:
Lukas Reschke 2012-06-11 00:36:58 +02:00
parent c898a8a6c9
commit 8f09299e24
2 changed files with 3 additions and 3 deletions


@ -141,7 +141,7 @@ class TileStack extends TileBase {
} }
public function get() { public function get() {
$r = '<div class="title gallery_div">'.$this->stack_name.'</div>'; $r = '<div class="title gallery_div">'.htmlentities($this->stack_name).'</div>';
for ($i = 0; $i < count($this->tiles_array); $i++) { for ($i = 0; $i < count($this->tiles_array); $i++) {
$top = rand(-5, 5); $top = rand(-5, 5);
$left = rand(-5, 5); $left = rand(-5, 5);
@ -168,7 +168,7 @@ class TileStack extends TileBase {
} }
public function getOnClickAction() { public function getOnClickAction() {
return 'javascript:openNewGal(\''.$this->stack_name.'\');'; return 'javascript:openNewGal(\''.htmlentities($this->stack_name).'\');';
} }
private $tiles_array; private $tiles_array;
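Review bot: In getOnClickAction() the stack name is still placed inside a single-quoted JavaScript string, and htmlentities() with its default flags (ENT_COMPAT on the PHP versions of this commit's era) leaves `'` unescaped, so a name containing a quote can still terminate the literal. If the returned string ends up in an HTML attribute (the call site is outside this hunk), the browser decodes entities before the script runs, so HTML escaping alone does not protect the JavaScript layer. Encode for JavaScript first and for the attribute second, e.g. `return 'javascript:openNewGal(' . htmlspecialchars(json_encode((string) $this->stack_name), ENT_QUOTES, 'UTF-8') . ');';`. If the value is used as a `javascript:` URL in an href, percent-decoding adds a further layer, so emitting the name in a `data-` attribute and reading it from a bound handler would be more robust. The htmlentities() call in get() is the correct context for element text, though passing `ENT_QUOTES, 'UTF-8'` explicitly would avoid relying on version defaults.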


@ -14,7 +14,7 @@ div.visible { opacity: 0.8;}
</style> </style>
<script type="text/javascript"> <script type="text/javascript">
var root = "<?php echo $root; ?>"; var root = "<?php echo htmlentities($root); ?>";
function explode(element) { function explode(element) {
$('div', element).each(function(index, elem) { $('div', element).each(function(index, elem) {
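Review bot: `htmlentities($root)` on the `var root` line applies HTML escaping inside a `<script>` block, where the browser does not decode entities and the characters that matter are those of a JavaScript string literal. A backslash or line break in `$root` passes through unchanged and can still break the literal, while a legitimate `&` or non-ASCII character now reaches the script as an entity and corrupts the value. Emit it as a JavaScript literal instead: `var root = <?php echo json_encode($root, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;` (the surrounding double quotes are dropped because json_encode adds its own). Where `$root` originates is not visible in this hunk, and the script continues past its end.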